Teamcity Security Vulnerabilities and Issues — Teamcity CVE List

Lucene search

JetbrainsTeamcity

18 matches found

CVE•added 2020/08/08 9:15 p.m.•59 views

CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

6.5CVSS6.4AI score0.00003EPSS

CVE•added 2020/01/30 6:15 p.m.•54 views

CVE-2020-7909

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

8.8CVSS8.6AI score0.00006EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2020/08/08 9:15 p.m.•50 views

CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2020/08/08 9:15 p.m.•50 views

CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

6.1CVSS5.9AI score0.00007EPSS

CVE•added 2020/08/08 9:15 p.m.•49 views

CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

6.1CVSS5.9AI score0.00006EPSS

CVE•added 2020/01/30 6:15 p.m.•46 views

CVE-2020-7908

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

4.3CVSS4.7AI score0.00002EPSS

CVE•added 2020/01/30 6:15 p.m.•46 views

CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

6.1CVSS6.2AI score0.00007EPSS

CVE•added 2020/11/16 3:15 p.m.•44 views

CVE-2020-27628

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2020/04/22 2:15 p.m.•42 views

CVE-2020-11938

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.

4.9CVSS5.1AI score0.00004EPSS

CVE•added 2020/04/22 2:15 p.m.•40 views

CVE-2020-11688

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

7.5CVSS7.5AI score0.00005EPSS

CVE•added 2020/04/22 2:15 p.m.•40 views

CVE-2020-11689

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

6.5CVSS6.3AI score0.00002EPSS

CVE•added 2020/01/30 6:15 p.m.•40 views

CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

5.4CVSS5.1AI score0.00007EPSS

CVE•added 2020/04/22 2:15 p.m.•39 views

CVE-2020-11687

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

7.5CVSS7.6AI score0.00004EPSS

CVE•added 2020/11/16 4:15 p.m.•39 views

CVE-2020-27627

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

6.1CVSS6.5AI score0.00003EPSS

CVE•added 2020/04/22 2:15 p.m.•38 views

CVE-2020-11686

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

4CVSS4AI score0.00003EPSS

CVE•added 2020/11/16 3:15 p.m.•34 views

CVE-2020-27629

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.

5.3CVSS5.3AI score0.00004EPSS